Security and Trust Center

Description

Cyber Essentials is a UK Government-backed framework that helps protect organizations from many different cyber attacks.  

Dell’s certificate certifies that the organization was assessed as meeting the Cyber Essentials implementation profile for its UK locations supporting the UK Public sector.  

Download Certificate

Description

Dell has completed the CyberGRX assessment, validated by CyberGRX strategic partners Deloitte and Touche and KPMG.

The CyberGRX assessment methodology identifies both inherent and residual risk and uses near real time threat analysis and independent evidence validation to provide customers with a holistic view of their third-party cyber risk posture.

The CyberGRX Risk Assessment may be requested here.

Description

CyberVadis has completed an assessment of Dell Technologies corporate security environment to validate the design and implementation of controls.

CyberVadis is a scalable solution for managing third-party cybersecurity risk assessment process. CyberVadis is based on a methodology that maps to all major international compliance standards, including GDPR, NIST, NY DFS, CCPA, and many more. It combines the speed of automation with the accuracy and effectiveness of a team of experts. 

To access the report, please contact your dedicated sales and service representative.

Description

The EU Data Act is a European regulation that establishes rules on who can access and use data generated by connected devices and 
digital services. Questions may be sent by email to eu.data.act@dell.com. 

Supporting Documents

• EU Data Act In-Scope Products

• EU Data Act Schedule

• EU Data Act System Data Access Acceptable Use Policy

Data Disclosures

Data Disclosures for Connected Products or Related Services can be accessed directly on the EU Data Act In-Scope Products & Services (in English) website.

Access, Switching, & Deletion Requests

Requests can only be processed for EU Customers and must be complete before they can be processed. 

 Access requests are only available for Connected Products and Related Services. 

Switching and Deletion Requests are only available for Data Processing Services.

To facilitate Access or Switching Requests, Request Data Access in the Dell Technologies Privacy Center and select the option for an EU Data Act request. 

If you would like a third party to carry out an access request on your behalf, 

please include a signed copy of the EU Data Act Third-Party Request Form with the submission.

To facilitate a Deletion Request, Request Data Deletion  in the Dell Technologies Privacy Center and select the option for an EU Data Act request.

Description

Dell Technologies Global ISO 27001 Multi-Site Certification is an Information Security Management System (ISMS) and encompasses activities which enable the protection of information assets across the enterprise including Dell Technology Services (DTS), Sales, Dell Financial Services (DFS), Dell Infrastructure Solutions Group (ISG) and supporting functions inclusive of the Security & Resiliency Organization (SRO); IT; Facilities Management, Human Resources and Legal, in accordance with the Statement of Applicability.

Download Certificate     Download Statement of Applicability

Description

An accreditation system for the aerospace, defense and security sectors. The system was established following an initiative led by ADS Group and includes a growing number of prime contractors as registered buyers together with the MoD. JOSCAR is a cross-sector community which reduces the time, cost and resources and duplication needed to provide information to major buying organizations.

Joscar provides a risk management tool that objectively assesses potential vendor risks, proportionally to products and services being provided and across relevant areas of compliance.

This JOSCAR certificate covers all of Dells Products and Services

Description

KY3P^® Assessments* is a third-party assessment solution designed to facilitate the exchange of standardized and validated risk data between service providers and their customers.

KY3P^® has completed an independent comprehensive risk assessment of Dell Technologies corporate security environment to validate the design and implementation of controls. The validation process included structured inquiries regarding design elements and specific requirements, policy, program, and procedure inspections, as well as reviews of supporting evidence. The risk assessments can be leveraged by leading financial institutions globally to accelerate vendor due diligence requirements and cloud adoption. KY3P standardizes and simplifies third party due diligence, provides end-to-end visibility and vigilance needed to protect the supply chain. 

The KY3P^® Dell Technologies Risk Assessment may be requested here.

Description

The O-TTPS Certification Program is to assure customers of the integrity of commercial off-the-shelf (COTS) information and ICT products worldwide and to safeguard global supply chains against increasingly sophisticated security attacks.

Intended to assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the supply chain, the certification program helps ensure applicants conform to the O-TTPS standard.

Demonstration of conformance through this independent, voluntary O-TTPS Certification Program process provides formal recognition of an organization’s conformance to this industry standard. Successful applicants will gain certification and can use the Open Trusted Technology Provider trademarked logo.

Dell participates in the O-TTPS Certification Program by completing a self-assessment of its compliance with O-TTPS version 1.2 (ISO/IEC 20243:2023).

Products in Scope

Client and IT Infrastructure Products from Dell Technologies, Inc.

Download Certificate here

Description

The DSPT assessment is a mandatory requirement for all organizations that access NHS patient information. It ensures that we uphold strong information governance practices and demonstrate compliance through the publication of annual assessments. This is also a contractual obligation under the NHS England standard conditions contract, which states: “The organization must complete and publish an annual information governance assessment and must demonstrate satisfactory compliance as defined in the DSP Toolkit.”

The DSP Toolkit provides a framework for organizations to show they can be trusted to maintain the confidentiality and security of personal data. It helps build public confidence in how the NHS and its partners handle sensitive information, and it allows organizations to assess their compliance with legal and regulatory standards. 

Download Certification Here

Description

PCI Data Security Standard (PCI DSS) applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD). PCI DSS is a set of security standard comprises of technical and operational requirements, developed by PCI Security Standards Council (PCI SSC) for protecting payment data. PCI Security Standards Council or SSC, which was founded by 5 major payment brands American Express, Discover, JCB International, MasterCard and Visa Inc with the purpose of developing and driving the adoption of PCI DSS.

Dell Inc. is an eCommerce Merchant and required to comply with PCI Data Security Standard (PCI DSS).  We are a Level 2 Merchant and report PCI compliance status to acquirers through Self-Assessment Questionnaires (SAQ). We perform PCI DSS Assessment annually and the assessment was validated by certified PCI Internal Security Assessor (ISA). Dell Inc. is certified as a PCI DSS Level 2 Merchant.

Description

SOC reports are governed by the American Institute of Certified Public Accountants (AICPA) and focus on offering assurance that the controls service organizations put in place to protect their clients’ assets are effective. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

Dell operates a centrally governed SOC program and SOC reports are specific to our Offers and Services and independently assessed and attested by PwC and Schellman Compliance.

To access the report, please contact your dedicated sales and service representative.

Services In Scope include

Offer/Service	Assurance Level	Report Period Start	Report Period End
AI Ops Infrastructure Observability	Type 2 SOC 2	October 01, 2023	September 30, 2024
Dell Automation Platform	Type 1 SOC 2	As of August 15, 2025
Dell Managed Services Platform (DMSP)	Type 2 SOC 2	October 01, 2023	September 30, 2024
Managed Detection & Response (MDR)	Type 2 SOC 2	October 01, 2023	September 30, 2024
Apex AIOps Incident Management Platform	Type 2 SOC 2	April 01, 2024	September 30, 2024
Moogsoft Hosted Platform	Type 2 SOC 2	April 01, 2024	September 30, 2024
Remote Manages Services for Backup, Storage and Converged Infrastructure Services	Type 2 SOC 1	October 01, 2023	September 30, 2024
Remote Manages Services for Backup, Storage and Converged Infrastructure Services	Type 2 SOC 2	October 01, 2023	September 30, 2024
Virtustream Enterprise Cloud (VEC)	Type 2 SOC 1	June 01, 2024	June 30, 2025
Virtustream Enterprise Cloud (VEC)	Type 2 SOC 2	June 01, 2024	June 30, 2025
Virtustream Federal Cloud (VFC)	Type 2 SOC 1	June 01, 2024	June 30, 2025
Virtustream Federal Cloud (VFC)	Type 2 SOC 2	June 01, 2024	June 30, 2025
Wyse Management Suite (WMS)	Type 2 SOC 2	December 01, 2023	September 30, 2024
Modular Managed Services (MMS)	Type 1 SOC 2	As of December 20, 2024

Description

Dell participates in Swift’s Customer Security Programme (CSP) to help financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance annually.

With solid attestation and compliance rates, the CSP reflects a community of highly engaged users committed to stopping cyberattacks in their tracks. And, as the cyber threat landscape evolves, so too does the CSP.

You can also find more info here Customer Security Programme (CSP) | Swift

Description

Trusted Information Security Assessment Exchange (TISAX) is the standard to prove to the automotive industry that the information entrusted to Dell Technologies is secure and conforms to a defined level of information security requirements according to the German Association of the Automotive Industry (VDA ISA). TISAX is a registered trademark and governed by the ENX Association. The ENX portal is used as an exchange mechanism to share Dell’s assessment results with the automotive industry.

Dell’s scope ID on the ENX portal is  S8R56Z. This will provide you with a summary of our overall assessment results for the Professional, Managed & Field Services teams at the following locations:

LR5M8V Dell GmbH Frankfurt am Main
LV4T3L Dell GmbH München (Ismaning) ► Main Location
L149V1 Dell GmbH Stuttgart (Leonberg)
LM9LYX Dell International Services India
LMMM29 Dell Ovens Cork
LP0LWY Dell Technologies Services Dalian
LCL6F7 Dell Egypt Service Center